Google fixes two critical Chrome flaws
Without much fanfare, Google has pushed out an update for Chrome that will seal up two vulnerabilities which could have posed a serious risk.
One flaw pertained to potentially fraudulent HTTPS sessions, and the more dangerous of the two could be triggered by visiting a maliciously crafted page with certain XML content. Google has already pushed out version 2.0.172.43 of Chrome, making it available for download to anyone who uses Chrome. If you haven't updated yet, it's a good idea to snag it.
Interestingly, Google is giving credit for how the flaws were discovered. Mozilla's security team was apparently responsible for alerting Google to one problem, and a security researcher was credited with discovering the other. That may be only a small note, but it is encouraging to see browser developers working together in some fashion.
User Comments (10)
strategic
on August 25, 2009 7:01 PM
Interesting, I wonder if this has anything to do with Google being so "nosy"...

red1776
on August 25, 2009 7:11 PM
Doesn't Mozilla get its funding from Google? Or did I misunderstand that in the past?

Matthew
on August 25, 2009 7:32 PM
@red1776: Last I knew, the two had an agreement over Google being the default search provider for Firefox. I'm pretty sure they still have that locked down for a few years (unless something has changed). The last time I read anything about it (6+ months ago I believe) that deal made up some 80-90% of Mozilla's income.

strategic
on August 25, 2009 7:36 PM
red1776 said: Doesn't Mozilla get its funding from Google? Or did I misunderstand that in the past?
I guess you're right Red, I never knew that until I found this article. Through revenue that comes from search ads, Google supplied Mozilla with $66 million of its $75 million in 2007 revenue, the last year for which figures are publicly available.

red1776
on August 25, 2009 8:09 PM
Matthew said: @red1776: Last I knew, the two had an agreement over Google being the default search provider for Firefox. I'm pretty sure they still have that locked down for a few years (unless something has changed). The last time I read anything about it (6+ months ago I believe) that deal made up some 80-90% of Mozilla's income.
Thanks Matthew, I was just wondering then why it would be so 'interesting' that the Mozilla team would have discovered the flaw, since they are financially joined and have a common interest in each other's success.

Guest
on August 25, 2009 11:55 PM
There are two problems with this article:
* The flaws are rated "High", not "Critical". Perhaps your choice of "critical" was casual, but as it's a meaningful security rating, it's misleading.
* The flaws could not result in direct system compromise and arbitrary code execution because they were contained by the sandbox. Black hats would also need a flaw in the sandbox to break out of it, combined with one of these flaws, to do real damage. This is precisely why we created the sandbox: to provide defense in depth.
--Peter Kasting, Chromium developer

AndrestheBean
on August 26, 2009 12:37 AM
Guest said: There are two problems with this article:
* The flaws are rated "High", not "Critical". Perhaps your choice of "critical" was casual, but as it's a meaningful security rating, it's misleading.
* The flaws could not result in direct system compromise and arbitrary code execution because they were contained by the sandbox. Black hats would also need a flaw in the sandbox to break out of it, combined with one of these flaws, to do real damage. This is precisely why we created the sandbox: to provide defense in depth.
--Peter Kasting, Chromium developer
I get the feeling this guy is important.

Guest
on August 26, 2009 1:33 AM
I'm glad someone noticed the collaboration with Mozilla. There's a surprisingly large amount of behind-the-scenes collaboration between browser vendors. For example, this blog post illustrates some of the bi-directional sharing between Google and the other browser vendors: http://googleonlinesecurity.blogspot.com/2009/07/improving-w
Chris Evans, Chrome Security Team

Julio Franco
on August 26, 2009 3:51 AM
@Guest (Peter) - Thank you for your feedback. We have updated the original post with a proper correction.

Phantasm66
on August 26, 2009 5:08 AM
That's cool you saw the article and corrected it Peter.